Authorized access in Timetracker for Azure DevOps Services cloud and on-prem have different implementations. Please use the proper approach.
Authorized Access in Timetracker cloud (Azure DevOps Services)
For authorized access to Timetracker’s API, we use OAuth 2.0 Authorization Framework. OAuth 2.0 supports the following grants (by grants, we mean ways of retrieving an access token):
- Authorization Code Flow is the way that we initially obtain an access token.
For more information on the OAuth 2.0 Authorization Code Flow, see section 4.1 of the OAuth 2.0 specification: https://tools.ietf.org/html/rfc6749#section-4.1.
- RefreshTokens is the way we update expired access tokens.
For more information on Refresh Tokens, see section 1.5: https://tools.ietf.org/html/rfc6749#section-1.5.
Note: Please use OpenApi as client_id to authorize any external application.
Authorized Access in Timetracker on-prem (Azure DevOps Server)
To use Timetracker REST/SignalR API in on-prem environment you don’t need tokens. All requests must be authorized with NTLM authorization.
To see details on authorizing access to API please see our documentation: https://www.7pace.com/redir/api-auth
Timetracker has this set of APIs:
- RESTful API
- OData API
For an introduction to SignalR , please see: (https://docs.microsoft.com/en-us/aspnet/signalr/overview/getting-started/introduction-to-signalr)